HTTP Parameter Sorting Covert Channel Detection Method Based on Markov Model

Cited by: 6
Abstract: A network covert channel is a communication channel that carries secret messages between hosts on a network by using reserved, optional or undefined fields in network protocols. HTTP, as one of the most commonly used protocols on the World Wide Web, is a good carrier for network covert channels. To detect HTTP-based covert channels effectively, this paper proposes a covert channel detection method based on a Markov model. Taking Host, Connection, Accept and User-Agent as keywords, the method builds a Markov model of the data packets and calculates its state transition probability matrix. The relative entropy between the two probability matrices, that of the packets under test and that of normal packets, is used to decide whether covert channel communication is present. Experimental results show that when the abnormal data in the covert channel exceeds 70%, the detection rate of this method can reach more than 97%.
Authors: SHEN Guoliang (沈国良); ZHAI Jiangtao (翟江涛); DAI Yuewei (戴跃伟) (School of Electronics and Information, Jiangsu University of Science and Technology, Zhenjiang, Jiangsu 212003, China; School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210000, China)
Source: Computer Engineering (《计算机工程》), indexed in CAS, CSCD and the Peking University Core Journals list, 2020, Issue 2, pp. 154-158, 169 (6 pages)
Funding: National Natural Science Foundation of China (61702235, 61472188, 61602247, U1636117); Natural Science Foundation of Jiangsu Province (BK20150472, BK20160840)
Keywords: HTTP protocol; covert channel detection; Markov model; relative entropy; detection rate
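
A sketch of the detection idea described in the abstract, added here as an example and not the authors' code: it builds a transition matrix over the order of the four keyword headers and compares a test window with a baseline by relative entropy. The additive smoothing, the summing of row-wise divergences, the threshold value, the baseline header order and all sample requests are assumptions constructed for illustration.

```python
import math
from itertools import permutations

KEYWORDS = ("Host", "Connection", "Accept", "User-Agent")  # states named in the abstract
IDX = {k.lower(): i for i, k in enumerate(KEYWORDS)}

def keyword_order(raw_request):
    """Indices of the keyword headers, in the order they appear in the request."""
    order = []
    for line in raw_request.split("\r\n")[1:]:  # skip the request line
        if not line:
            break  # blank line ends the header block
        name = line.split(":", 1)[0].strip().lower()
        if name in IDX:
            order.append(IDX[name])
    return order

def transition_matrix(requests, alpha=0.5):
    """Row-stochastic keyword-to-keyword matrix; alpha is assumed additive smoothing."""
    counts = [[alpha] * len(KEYWORDS) for _ in KEYWORDS]
    for req in requests:
        order = keyword_order(req)
        for a, b in zip(order, order[1:]):
            counts[a][b] += 1
    return [[c / sum(row) for c in row] for row in counts]

def relative_entropy(p, q):
    """Sum of row-wise KL divergences D(p_i || q_i) in bits (assumed aggregation)."""
    return sum(pi * math.log2(pi / qi)
               for prow, qrow in zip(p, q) for pi, qi in zip(prow, qrow))

def build(order):
    """Constructed sample request with the keyword headers in the given order."""
    values = {"Host": "example.test", "Connection": "keep-alive",
              "Accept": "*/*", "User-Agent": "sample-client/1.0"}
    head = "".join(f"{k}: {values[k]}\r\n" for k in order)
    return "GET / HTTP/1.1\r\n" + head + "\r\n"

NORMAL_ORDER = ("Host", "Connection", "User-Agent", "Accept")  # constructed baseline order
BASELINE = transition_matrix([build(NORMAL_ORDER)] * 200)
clean_window = [build(NORMAL_ORDER)] * 50
perms = list(permutations(KEYWORDS))  # constructed covert window: order changes per request
covert_window = [build(perms[i % len(perms)]) for i in range(50)]
THRESHOLD = 0.5  # assumed; calibrate on held-out normal traffic

def is_covert(window):
    return relative_entropy(transition_matrix(window), BASELINE) > THRESHOLD
```

In practice the baseline would be built per client type, since legitimate browsers and libraries emit these headers in different fixed orders.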